Alert September 21, 2010

FDIC Issues Guidance on Mitigating Risk Posed by Information Stored on Photocopiers, Fax Machines and Printers

The FDIC issued guidance (FIL-56-2010, theGuidance“) concerning the risk posed by sensitive information stored on photocopiers, fax machines and printers (the “Electronic Devices” and each an “Electronic Device”) and how depository institutions (“DIs”, and each a “DI”) should mitigate that risk.  The Electronic Devices, noted the FDIC, may contain a hard drive or flash memory that stores digital images of documents that are copied, transmitted or printed by the Electronic Device.  The documents copied, transmitted or printed will often contain confidential information concerning the DI or its customers.  The Guidance states that DIs should adopt and implement “written policies and procedures to identify devices that store digital images of business documents and ensure their hard drive or flash memory is erased, encrypted or destroyed prior to being returned to the licensing company, sold to a third party or otherwise disposed of.”